Caution! 37 security vulnerabilities have been identified in the Magento platform. The company has recently released new versions of its content management software.
Magento, owned by Adobe since 2018, is one of the most popular content management systems (CMS), powering 28% of websites worldwide. Since there is a good chance that many of you are among that 28%, pay close attention.
One of the most critical vulnerabilities is an SQL injection flaw that can be exploited remotely by unauthorized intruders. For security reasons, Magento developers have decided not to publish technical details about the defect.
The defect, which has no CVE identifier but carries the internal label "PRODSECBUG-2198", could allow hackers to steal sensitive information from vulnerable e-commerce websites, including admin sessions or passwords for the administrator dashboard.
In addition to the SQLi vulnerability, Magento has also fixed cross-site request forgery (CSRF), cross-site scripting (XSS), remote code execution (RCE) and other defects. However, exploiting the majority of these vulnerabilities requires the attacker to be authenticated on the site.
Affected versions of Magento include:
- Magento Open Source before 9.4.1
- Magento Commerce before 14.4.1
- Magento Commerce 2.1 before 1.17
- Magento Commerce 2.2 before 2.8
- Magento Commerce 2.3 before 3.1
Since Magento sites store not only users' information but also customer history and financial information, the defect can lead to catastrophic online attacks.
Online store owners are urged to upgrade their e-commerce websites to the latest versions as soon as possible, before hackers begin to exploit the flaw to compromise their sites and steal their customers' payment card details.